load("//bazel:mongo_src_rules.bzl", "idl_generator", "mongo_cc_fuzzer_test", "mongo_cc_integration_test", "mongo_cc_library", "mongo_cc_unit_test")

package(default_visibility = ["//visibility:public"])

exports_files(
    glob([
        "*.h",
        "*.hpp",
        "*.cpp",
    ]),
)

# Headers designed to be used without source code. Split these out
# into targets if they're meant to be used with source code.
filegroup(
    name = "headers",
    srcs = [
        "cidr.h",
        "hostandport.h",
        "sockaddr.h",
        "ssl_peer_info.h",
        "ssl_types.h",
    ],
)

mongo_cc_library(
    name = "ssl_options",
    srcs = [
        "ssl_options.cpp",
    ],
    deps = [
        "//src/mongo:base",
        "//src/mongo/util/options_parser",
    ],
)

mongo_cc_library(
    name = "ssl_types",
    srcs = [
        "ssl_types.cpp",
    ],
    deps = [
        ":ssl_options",
        "//src/mongo:base",
    ],
)

mongo_cc_library(
    name = "ssl_parameters_auth",
    srcs_select = [{
        "//bazel/config:ssl_enabled": [
            "ssl_parameters_auth.cpp",
            "ssl_parameters_auth_gen",
        ],
        "//conditions:default": [
            "ssl_parameters_auth_none.cpp",
        ],
    }],
    deps = select({
        "//bazel/config:ssl_enabled": [
            ":ssl_options",
            "//src/mongo:base",
            "//src/mongo/client:authentication",
            "//src/mongo/db/auth:cluster_auth_mode",
        ],
        "//conditions:default": [
            "//src/mongo:base",
        ],
    }),
)

mongo_cc_library(
    name = "openssl_init",
    srcs = [
        "openssl_init.cpp",
    ],
    linkopts = [
        "-lssl",
    ],
    target_compatible_with = select({
        "//bazel/config:mongo_crypto_openssl": [],
        "//conditions:default": ["@platforms//:incompatible"],
    }),
    deps = [
        ":ssl_options",
        "//src/mongo:base",
        "//src/mongo/crypto:symmetric_crypto",
    ],
)

# Include this library from locations where
# OpenSSL support is needed.
# If we happen to be on a non-OpenSSL build,
# then the inclusion is a no-op.
mongo_cc_library(
    name = "openssl_init_shim",
    srcs = [],
    deps = select({
        "//bazel/config:mongo_crypto_openssl": [":openssl_init"],
        "//conditions:default": [],
    }),
)

idl_generator(
    name = "hostandport_gen",
    src = "hostandport.idl",
)

idl_generator(
    name = "ssl_options_client_gen",
    src = "ssl_options_client.idl",
    deps = [
        "//src/mongo/db:basic_types_gen",
    ],
)

mongo_cc_library(
    name = "ssl_options_client",
    srcs = [
        "ssl_options_client.cpp",
        "ssl_options_client_gen",
    ],
    deps = [
        ":ssl_options",
        "//src/mongo:base",
        "//src/mongo/util/options_parser",
    ],
)

idl_generator(
    name = "ssl_options_server_gen",
    src = "ssl_options_server.idl",
    deps = [
        "//src/mongo/db:basic_types_gen",
    ],
)

mongo_cc_library(
    name = "ssl_options_server",
    srcs = [
        "ssl_options_server.cpp",
        "ssl_options_server_gen",
    ],
    deps = [
        ":ssl_options",
        "//src/mongo/db:server_base",
        "//src/mongo/db/auth:auth_options",
        "//src/mongo/db/auth:cluster_auth_mode",
        "//src/mongo/util/options_parser",
    ],
)

idl_generator(
    name = "ssl_parameters_gen",
    src = "ssl_parameters.idl",
    deps = [
        "//src/mongo/crypto:sha256_block_gen",
        "//src/mongo/db/auth:auth_types_gen",
    ],
)

mongo_cc_library(
    name = "ssl_manager",
    srcs = [
        "sock.cpp",
    ],
    srcs_select = [
        {
            "//bazel/config:ssl_enabled": [
                "//src/mongo/util/net/private:ssl_expiration.cpp",
                "ssl_manager.cpp",
                "ssl_parameters.cpp",
                "ssl_stream.cpp",
                "//src/mongo/util/net/ssl",
                "//src/mongo/util/net/ssl/impl",
                "//src/mongo/util/net/ssl/detail",
                "//src/mongo/util/net/ssl/detail/impl",
                "ssl_peer_info.cpp",
                "ssl_parameters_gen",
                "//src/mongo/util/net/ocsp:ocsp_manager.cpp",
            ],
            "//conditions:default": [],
        },
        {
            "//bazel/config:ssl_provider_{}".format(ssl_provider): [
                "ssl_manager_{}.cpp".format(ssl_provider),
            ]
            for ssl_provider in [
                "apple",
                "openssl",
                "windows",
                "none",
            ]
        } | {
            "//conditions:default": [],
        },
    ],
    deps = [
        "network",
        "ssl_options",
        "//src/mongo:base",
        "//src/mongo/util:background_job",
    ] + select({
        "//bazel/config:ssl_enabled": [
            ":http_client",
            ":ssl_types",
            ":ssl_util",
            "//src/mongo/base:secure_allocator",
            "//src/mongo/client:internal_auth",
            "//src/mongo/crypto:sha_block",
            "//src/mongo/db:connection_health_metrics_parameter",
            "//src/mongo/db:server_base",
            "//src/mongo/db:server_feature_flags",
            "//src/mongo/db:service_context",
            "//src/mongo/db/auth",
            "//src/mongo/db/auth:cluster_auth_mode",
            "//src/mongo/util:caching",
            "//src/mongo/util:icu",
            "//src/mongo/util:winutil",
            "//src/mongo/util/concurrency:thread_pool",
            "//src/third_party/asio",
        ],
        "//conditions:default": [],
    }) + select({
        "//bazel/config:ssl_provider_openssl": [":openssl_init"],
        "//conditions:default": [],
    }),
)

idl_generator(
    name = "ssl_parameters_auth_gen",
    src = "ssl_parameters_auth.idl",
)

mongo_cc_library(
    name = "mock_http_client",
    srcs = ["http_client_mock.cpp"],
    deps = [
        "//src/mongo:base",
    ],
)

idl_generator(
    name = "http_client_options_gen",
    src = "http_client_options.idl",
)

mongo_cc_library(
    name = "http_client",
    srcs = ["http_client.cpp"],
    deps = [
        "//src/mongo:base",
        "//src/mongo/db/commands:test_commands_enabled",
    ],
)

mongo_cc_library(
    name = "hostandport_impl",
    srcs = [
        "hostandport.cpp",
        ":hostandport_gen",
    ],
    deps = [
        "//src/mongo:base",
        "//src/mongo/idl:idl_parser",
    ],
)

mongo_cc_library(
    name = "network",
    srcs = [
        "cidr.cpp",
        "hostname_canonicalization.cpp",
        "sockaddr.cpp",
        "socket_exception.cpp",
        "socket_utils.cpp",
    ],
    deps = [
        ":hostandport_impl",
        "//src/mongo/db:server_base",
        "//src/mongo/util:winutil",
        "//src/mongo/util/concurrency:spin_lock",
    ],
)

mongo_cc_library(
    name = "ssl_util",
    srcs = [
        "ssl_util.cpp",
    ],
    deps = [
        "//src/mongo:base",
    ],
)

config_setting(
    name = "http_client_enabled_windows",
    constraint_values = [
        "@platforms//os:windows",
    ],
    flag_values = {
        "//bazel/config:http_client": "True",
    },
)

mongo_cc_library(
    name = "http_client_impl",
    linkopts = select({
        ":http_client_enabled_windows": [
            "winhttp.lib",
        ],
        "//bazel/config:http_client_enabled": [
            "-lcurl",
        ],
        "//conditions:default": [],
    }),
    srcs_select = [
        {
            "//bazel/config:http_client_enabled": [
                "http_client_options.cpp",
                ":http_client_options_gen",
            ],
            "//conditions:default": [
                "http_client_none.cpp",
            ],
        },
        {
            ":http_client_enabled_windows": [
                "http_client_winhttp.cpp",
            ],
            "//bazel/config:http_client_enabled": [
                "http_client_curl.cpp",
            ],
            "//conditions:default": [],
        },
    ],
    deps = [
        ":http_client",
        "//src/mongo:base",
    ] + select({
        "//bazel/config:http_client_enabled": [
            ":network",
            "//src/mongo/executor:connection_pool_executor",
            "//src/mongo/util:alarm",
            "//src/mongo/util/concurrency:thread_pool",
        ],
        "//conditions:default": [],
    }),
)

mongo_cc_unit_test(
    name = "util_net_test",
    srcs = [
        "cidr_test.cpp",
        "hostandport_test.cpp",
        "http_client_test.cpp",
    ],
    tags = ["mongo_unittest_second_group"],
    deps = [
        ":http_client",
        ":network",
    ],
)

mongo_cc_library(
    name = "sock_test_utils",
    srcs = [
        "sock_test_utils.cpp",
    ],
    deps = [
        ":network",
        ":ssl_manager",
    ],
)

mongo_cc_unit_test(
    name = "util_net_ssl_test",
    srcs = [
        "sock_test.cpp",
        "ssl_manager_test.cpp",
        "ssl_options_test.cpp",
    ],
    data = [
        "//jstests/libs:test_pem_files",
    ],
    tags = ["mongo_unittest_second_group"],
    target_compatible_with = select({
        "//bazel/config:ssl_enabled": [],
        "//conditions:default": ["@platforms//:incompatible"],
    }),
    deps = [
        ":network",
        ":sock_test_utils",
        ":ssl_manager",
        ":ssl_options_server",
        ":ssl_types",
        "//src/mongo/client:connection_string",
        "//src/mongo/db:server_options_servers",
        "//src/mongo/transport:transport_layer",
        "//src/mongo/util/cmdline_utils",
    ],
)

mongo_cc_fuzzer_test(
    name = "asn1_parser_fuzzer",
    srcs = [
        "asn1_parser_fuzzer.cpp",
    ],
    deps = [
        "//src/mongo:base",
        "//src/mongo/db/shard_role/lock_manager",
        "//src/mongo/transport:transport_layer_common",
        "//src/mongo/util/net:ssl_manager",
    ],
)

mongo_cc_integration_test(
    name = "network_interface_ssl_test",
    srcs = [
        "network_interface_ssl_test.cpp",
    ],
    target_compatible_with = select({
        "//bazel/config:ssl_enabled": [],
        "//conditions:default": ["@platforms//:incompatible"],
    }),
    deps = [
        "//src/mongo/client:connection_string",
        "//src/mongo/db/auth:builtin_roles",
        "//src/mongo/db/auth:user",
        "//src/mongo/executor:network_interface",
        "//src/mongo/executor:network_interface_factory",
        "//src/mongo/executor:network_interface_fixture",
        "//src/mongo/executor:network_interface_thread_pool",
        "//src/mongo/executor:thread_pool_task_executor",
        "//src/mongo/transport:transport_layer_egress_init",
        "//src/mongo/util:version_impl",
        "//src/mongo/util/concurrency:thread_pool",
    ],
)
